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Amendment to the Claims: 

This listing of claims will replace all prior versions, and listings of claims in the application: 
Listing of Claims: 

Claim 1. (Currently Amended) An electronic commerce card authentication 
system comprising: 

a merchant system wherein the merchant system is configured to: 

send a verifying enrollment request to a directory server, the verifying 
enrollment request including at least a portion of an electronic commerce card account number; 

receive a verifying enrollment response from the directory server, the 
verifying enrollment response including a web site hosted by a central transaction server, the 
verifying enrollment response further including a pseudonym corresponding to the electronic 
commerce card account number, the pseudonym expiring after a predetermined period of time; 

send an authentication request to a cardholder system in a web page 
having an HTTP redirect command comprising the web site hosted by the central transaction 
server, the web page further including a URL for returning information to the merchant system, 
the authentication request including the pseudonym corresponding to the electronic commerce 
card account number; 

receive an authentication response from the cardholder system at the URL 
for returning information to the merchant system; and 

analyze the authentication response to determine if the electronic 
commerce card account number has been successfully authenticated and initiate initiates a 
payment request process by submitting the electronic commerce card account number to an 
issuer of the electronic commerce card account number; 

the directory server wherein the directory server is configured to: 

receive the verifying enrollment request from the merchant system server ; 

forward the verifying enrollment request to the central transaction server; 

receive the verifying enrollment response from the central transaction 

server; and 
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forward the verifying enrollment response to the merchant system; and 
the central transaction server wherein the central transaction server is configured 

to: 

receive the verifying enrollment request from the directory server; 

send the verifying enrollment response to the directory server; 

receive the authentication request from the cardholder system, at the web 
site hosted by the central transaction server in response to the HTTP redirect command sent by 
the merchant system to the cardholder system; 

forward the authentication request to an access control server; 

relay authentication information between the access control server and the 

cardholder system; 

receive an authentication response from the access control server; 
forward a copy of the authentication response to an authentication history 
server to be archived; and 

forward the authentication response to the cardholder system. 

Claim 2. (Previously Presented) The electronic commerce card authentication 
system of claim 1, wherein the authentication response is translated to a format compatible with 
a merchant system. 

Claim 3. (Canceled) 

Claim 4. (Canceled) 

Claim 5. (Previously Presented) The electronic commerce card authentication 
system of claim 1, wherein the central transaction server is configured to send the verifying 
enrollment response in response to a query to the access control server. 

Claim 6. (Previously Presented) The electronic commerce card authentication 
system of claim 1, wherein the central transaction server is configured to send the verifying 
enrollment response to the directory server with or without querying the access control server, 
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and further is configured to query the access control server in response to receiving an 
authentication request. 

Claim 7. (Previously Presented) The electronic commerce card authentication 
system of claim 1, wherein the pseudonym was previously created by the central transaction 
server. 

Claim 8. (Currently Amended) The electronic commerce card authentication 
system of claim 1, wherein the pseudonym was created by a the merchant system. 

Claim 9. (Canceled) 

Claim 10. (Previously Presented) A method of authenticating electronic 
commerce card information provided by a cardholder, the method comprising: 

sending a verifying enrollment request from a merchant system to a directory 
server, the verifying enrollment request including at least a portion of an electronic commerce 
card account number; 

sending the verifying enrollment request from the directory server to a central 
transaction server; 

sending a verifying enrollment response from the central transaction server to the 
directory server, the verifying enrollment response including a web site hosted by the central 
transaction server, the verifying enrollment response further including a pseudonym 
corresponding to the electronic commerce card account number, the pseudonym expiring after a 
predetermined period of time; 

sending the verifying enrollment response from the directory server to the 
merchant system; 

sending an authentication request to a cardholder system in a web page having an 
HTTP redirect command comprising the web site hosted by the central transaction server, the 
web page further including a URL for returning information to the merchant system, the 
authentication request including the pseudonym corresponding to the electronic commerce card 
account number; 
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receiving the authentication request from the cardholder system, at the web site 
hosted by the central transaction server in response to the HTTP redirect command sent by the 
merchant system to the cardholder system; 

forwarding the authentication request to an access control server; 

relaying, at the central transaction server, authentication information between the 
access control server and the cardholder system; 

receiving an authentication response from the access control server at the central 
transaction server; 

forwarding a copy of the authentication response to an authentication history 
server to be archived; 

forwarding the authentication response to the cardholder system from the central 
transaction server; 

receiving the authentication response from the cardholder system at the URL for 
returning information to the merchant system; and 

analyzing the authentication response at the merchant system to determine if the 
electronic commerce card account number has been successfully authenticated and initiating a 
payment request process by submitting the electronic commerce card account number to an 
issuer of the electronic commerce card account number. 

Claim 11. (Previously Presented) The method of claim 10, wherein the 
authentication response is translated to a format compatible with a merchant system. 

Claim 12. (Canceled) 

Claim 13. (Canceled) 

Claim 14. (Previously Presented) The method of claim 10, wherein the verifying 
enrollment response is sent in response to a query to the access control server. 

Claim 15. (Previously Presented) The method of claim 10, wherein the verifying 
enrollment response is sent to the directory server without querying the access control server, 
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and further comprising querying the access control server in response to receiving an 
authentication request. 

Claim 16. (Previously Presented) The method of claim 10, wherein the 
authentication request was previously created by the central transaction server. 

Claim 17. (Previously Presented) The method of claim 10, wherein the 
pseudonym was previously created by the merchant system. 

Claim 18. (Canceled) 

Claim 19. (Previously Presented) An information storage medium including a set 
of instructions which when executed by an information processing device cause the information 
processing device to perform a set of steps, the set of steps comprising: 

receiving a verifying enrollment request from a directory server; 

sending a verifying enrollment response to the directory server; 

receiving an authentication request from a cardholder system, at a web site hosted 
by a central transaction server in response to an HTTP redirect command sent by a merchant 
system to the cardholder system, the HTTP redirect command comprising the address of the 
central transaction server and including a pseudonym corresponding to an electronic commerce 
card account number; 

forwarding the authentication request to an access control server; 

relaying authentication information between the access control server and the 
cardholder system; 

receiving an authentication response from the access control server; 

forwarding a copy of the authentication response to an authentication history 
server to be archived; and 

forwarding the authentication response to the cardholder system, wherein the 
authentication response includes a URL for returning information to the merchant, the cardholder 
system thereafter forwarding the authentication response to the merchant system, wherein the 
merchant system analyzes the authentication response to determine if the electronic commerce 
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card account number has been successfully authenticated and initiates a payment request process 
by submitting the electronic commerce card account number to an issuer of the electronic 
commerce card account number. 

Claim 20. (Currently Amended) The information storage medium of claim 19, 
wherein the authentication response is translated to a format compatible with the a merchant 
system. 

Claim 21. (Canceled) 
Claim 22. (Canceled) 

Claim 23. (Previously Presented) The information storage medium of claim 19, 
wherein the verifying enrollment response is sent in response to a query to the access control 



Claim 24. (Currently Amended) The information storage medium of claim 19, 
wherein the verifying enrollment response is sent to the directory server without querying the 
access control server, and the set of steps further comprise querying the access control server in 
response to receiving the an authentication request. 

Claim 25. (Previously Presented) The information storage medium of claim 19, 
wherein the pseudonym was previously created by the central transaction server. 

Claim 26. (Currently Amended) The information storage medium of claim 19, 
wherein the pseudonym was previously created by die a merchant system. 

Claim 27. (Canceled) 

Claim 28. (Original) The method of claim 14, further comprising: 
receiving the verifying enrollment response from the access control server in 
response to the query; and 

forwarding the verifying enrollment response to the directory server. 
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Claim 29. (Original) The method of claim 28, further comprising: 
modifying the verifying enrollment response received from the access control 

server; and 

forwarding the modified verifying enrollment response to the directory server. 

Claim 30. (Currently Amended) The information storage medium of claim 23 ±9, 
further comprising: 

receiving the verifying enrollment response from the access control server in 
response to the query; and 

forwarding the verifying enrollment response to the directory server. 

Claim 31. (Original) The information storage medium of claim 30, further 

comprising: 

modifying the verifying enrollment response received from the access control 

server; and 

forwarding the modified verifying enrollment response to the directory server. 

Claim 32. (Previously Presented) The system of claim 1 wherein the payment 
request process includes a charge request, wherein the charge request is generated by a merchant 
and is subsequently sent to an acquirer. 

Claim 33. (Previously Presented) The method of claim 10 wherein the payment 
request process includes a charge request, wherein the charge request is generated by a merchant 
and is subsequently sent to an acquirer. 

Claims 34.-37.(Canceled) 

Claim 38. (Previously Presented) The system of claim 1, wherein the central 
transaction server is further configured to host at least one web page. 

Claims 39.-40. (Canceled) 
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Claim 41 . (Currently Amended) The system of claim 1 wherein the 
predetermined period of time is 5 minutes. 

Claim 42. (Canceled) 

Claim 43. (Previously Presented) The system of claim 1 wherein the payment 
request process includes a cardholder authentication verification value which indicates the 
electronic commerce card has been successfully authenticated. 

Claim 44. (Previously Presented) The method of claim 1 0 wherein the payment 
request process includes a cardholder authentication verification value which indicates the 
electronic commerce card has been successfully authenticated. 

Claim 45. (Previously Presented) The system of claim 1, wherein the central 
transaction server and the directory server are integrated into a single server. 

Claim 46. (Previously Presented) The method of claim 10, further comprising 
substituting the authentication response from the access control server with a response generated 
by the central transaction server. 



Page 9 of 10 



